On the 22nd of August 2025, a critical vulnerability (CVE-2025-26496, CVSS 9.6/10) was disclosed affecting Salesforce Tableau Server and Tableau Desktop across Windows and Linux platforms.
The flaw allows attackers on the same network segment to upload specially crafted files and achieve arbitrary code execution with no privileges or user interaction required. Here’s how to protect your environment and how ACEN supports affected clients.
What’s going on?
⚠️ CVE-2025-26496 is a Type Confusion vulnerability in the File Upload modules of Tableau products.
⚠️ Attackers can exploit the flaw via Local Code Inclusion, using malicious file uploads to execute arbitrary code.
⚠️ The vulnerability is exploitable from adjacent networks and can lead to complete system compromise.
Affected versions & mitigation
Product | Affected Versions | Fixed Version |
Tableau Server & Desktop | Before 2025.1.3 | Apply latest updates from Salesforce |
✅ Mitigation guidance:
- Immediately update Tableau to a secure version
- Segment networks to restrict adjacent access
- Monitor upload directories and logs
- Enforce least privilege on file upload modules
- Review installations with a security assessment
Why is this a problem?
- This vulnerability is especially dangerous due to:
- No authentication or user interaction required
- Adjacent network attack vector
- High potential for remote code execution
- Impact on confidentiality, integrity, and availability
- Attackers could gain access to sensitive systems, deploy malware, and maintain persistence across compromised hosts.
How does ACEN protect its customers?
If you’re using ACEN’s Extended Detection and Response (XDR) solution, it is designed to block many types of exploitation attempts that occur after the initial compromise. This enables our teams to stop threats and launch an investigation.
ACEN’s MDR service also deploys tailored detection scenarios that monitor system logs from Windows, firewalls, Microsoft 365, and other sources to identify and stop threat actors.
In the event of a serious incident, our Computer Security Incident Response Team (CSIRT) is available to provide expert support and guidance.
We continue to emphasize the importance of proactive security measures. Please ensure your systems are updated with the latest patches and configurations.
What can you do to mitigate the attack?
✅ Apply the latest Tableau patches immediately
✅ Review upload permissions and logs
✅ Isolate Tableau environments from high-risk network segments
✅ Audit your Tableau deployments for misconfigurations or legacy versions
But what if you can’t?
🛡️ Restrict access to the upload functionality via firewall and access control
🛡️ Monitor for suspicious file upload activity
🛡️ Temporarily disable external upload functions if possible
